Some fluent-bit parsers for RFC3134 parsing of Mikrotik logs

gistfile1.txt

[PARSER]
    Name        syslog-rfc3164-safe
    Format      regex
    Regex       /\<(?<pri>[0-9]+)\>(?<time>\w{3}\s+\d+\s\d{2}:\d{2}:\d{2})\s(?<host>[^ ]*)\s(?<ident>[a-zA-Z0-9_\/\.\-\+,]*)(\[(?<pid>\d+)\])*:?\s(?<message>.*)/
    Time_Key    time
    Time_Format %b %d %H:%M:%S
    Time_Keep   On

[PARSER]
    Name        ssh_access_logs_mikrotik
    Format      regex
    Regex       /(?<user>\w+)\s+(?<action>.+)\s+from\s+(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+via\s+(?<method>\w+)/

[PARSER]
    Name        dhcp_logs_mikrotik
    Format      regex
    Regex       /(?<action>\w+)\s+(?<ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s+for\s+(?<mac>[A-Fa-f0-9:]+)\s+(?<client>.+)/

[PARSER]
    Name        firewall_logs_mikrotik
    Format      regex
    Regex       /in:(?<in_iface>\w+)\s+out:(?<out_iface>\w+),\s+connection-state:(?<conn_state>\w+)\s+src-mac\s+(?<src_mac>[A-Fa-f0-9:]+),\s+proto\s+(?<proto>\w+),\s+(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(?<src_port>\d+)->(?<dest_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(?<dst_port>\d+),\s+len\s+(?<length>\d+)/